@@ -102,16 +102,36 @@ func TestAuthorization(t *testing.T) {
102102 name : "deleted user" ,
103103 expectedErr : aibridgedserver .ErrDeletedUser ,
104104 mocksFn : func (db * dbmock.MockStore , apiKey database.APIKey , user database.User ) {
105+ user .Deleted = true
105106 db .EXPECT ().GetAPIKeyByID (gomock .Any (), apiKey .ID ).Times (1 ).Return (apiKey , nil )
106- db .EXPECT ().GetUserByID (gomock .Any (), user .ID ).Times (1 ).Return (database.User {ID : user .ID , Deleted : true }, nil )
107+ db .EXPECT ().GetUserByID (gomock .Any (), user .ID ).Times (1 ).Return (user , nil )
108+ },
109+ },
110+ {
111+ name : "suspended user" ,
112+ expectedErr : aibridgedserver .ErrInactiveUser ,
113+ mocksFn : func (db * dbmock.MockStore , apiKey database.APIKey , user database.User ) {
114+ user .Status = database .UserStatusSuspended
115+ db .EXPECT ().GetAPIKeyByID (gomock .Any (), apiKey .ID ).Times (1 ).Return (apiKey , nil )
116+ db .EXPECT ().GetUserByID (gomock .Any (), user .ID ).Times (1 ).Return (user , nil )
117+ },
118+ },
119+ {
120+ name : "dormant user" ,
121+ expectedErr : aibridgedserver .ErrInactiveUser ,
122+ mocksFn : func (db * dbmock.MockStore , apiKey database.APIKey , user database.User ) {
123+ user .Status = database .UserStatusDormant
124+ db .EXPECT ().GetAPIKeyByID (gomock .Any (), apiKey .ID ).Times (1 ).Return (apiKey , nil )
125+ db .EXPECT ().GetUserByID (gomock .Any (), user .ID ).Times (1 ).Return (user , nil )
107126 },
108127 },
109128 {
110129 name : "system user" ,
111130 expectedErr : aibridgedserver .ErrSystemUser ,
112131 mocksFn : func (db * dbmock.MockStore , apiKey database.APIKey , user database.User ) {
132+ user .IsSystem = true
113133 db .EXPECT ().GetAPIKeyByID (gomock .Any (), apiKey .ID ).Times (1 ).Return (apiKey , nil )
114- db .EXPECT ().GetUserByID (gomock .Any (), user .ID ).Times (1 ).Return (database. User { ID : user . ID , IsSystem : true } , nil )
134+ db .EXPECT ().GetUserByID (gomock .Any (), user .ID ).Times (1 ).Return (user , nil )
115135 },
116136 },
117137 {
@@ -201,7 +221,7 @@ func TestAuthorization(t *testing.T) {
201221
202222// When IsAuthorizedRequest carries KeyId instead of Key, the server skips
203223// the secret check and validates only that the key exists, is unexpired, and
204- // belongs to a non-deleted non-system user. This is the path used by
224+ // belongs to an active, non-deleted, non-system user. This is the path used by
205225// in-process delegated callers (e.g., chatd) that hold only the key ID.
206226func TestAuthorization_Delegated (t * testing.T ) {
207227 t .Parallel ()
@@ -260,8 +280,31 @@ func TestAuthorization_Delegated(t *testing.T) {
260280 name : "deleted user" ,
261281 expectedErr : aibridgedserver .ErrDeletedUser ,
262282 mocksFn : func (db * dbmock.MockStore , apiKey database.APIKey , user database.User ) {
283+ user .Deleted = true
263284 db .EXPECT ().GetAPIKeyByID (gomock .Any (), apiKey .ID ).Times (1 ).Return (apiKey , nil )
264- db .EXPECT ().GetUserByID (gomock .Any (), user .ID ).Times (1 ).Return (database.User {ID : user .ID , Deleted : true }, nil )
285+ db .EXPECT ().GetUserByID (gomock .Any (), user .ID ).Times (1 ).Return (user , nil )
286+ },
287+ },
288+ {
289+ // The delegated path must reject inactive users; transport
290+ // trust does not override account suspension.
291+ name : "suspended user" ,
292+ expectedErr : aibridgedserver .ErrInactiveUser ,
293+ mocksFn : func (db * dbmock.MockStore , apiKey database.APIKey , user database.User ) {
294+ user .Status = database .UserStatusSuspended
295+ db .EXPECT ().GetAPIKeyByID (gomock .Any (), apiKey .ID ).Times (1 ).Return (apiKey , nil )
296+ db .EXPECT ().GetUserByID (gomock .Any (), user .ID ).Times (1 ).Return (user , nil )
297+ },
298+ },
299+ {
300+ // Dormant users are inactive unless they are explicitly
301+ // reactivated through the HTTP middleware path.
302+ name : "dormant user" ,
303+ expectedErr : aibridgedserver .ErrInactiveUser ,
304+ mocksFn : func (db * dbmock.MockStore , apiKey database.APIKey , user database.User ) {
305+ user .Status = database .UserStatusDormant
306+ db .EXPECT ().GetAPIKeyByID (gomock .Any (), apiKey .ID ).Times (1 ).Return (apiKey , nil )
307+ db .EXPECT ().GetUserByID (gomock .Any (), user .ID ).Times (1 ).Return (user , nil )
265308 },
266309 },
267310 {
@@ -270,8 +313,9 @@ func TestAuthorization_Delegated(t *testing.T) {
270313 name : "system user" ,
271314 expectedErr : aibridgedserver .ErrSystemUser ,
272315 mocksFn : func (db * dbmock.MockStore , apiKey database.APIKey , user database.User ) {
316+ user .IsSystem = true
273317 db .EXPECT ().GetAPIKeyByID (gomock .Any (), apiKey .ID ).Times (1 ).Return (apiKey , nil )
274- db .EXPECT ().GetUserByID (gomock .Any (), user .ID ).Times (1 ).Return (database. User { ID : user . ID , IsSystem : true } , nil )
318+ db .EXPECT ().GetUserByID (gomock .Any (), user .ID ).Times (1 ).Return (user , nil )
275319 },
276320 },
277321 }
0 commit comments